Tuesday, June 13, 2017

It's unfortunate that virus and malware developers keep finding ways to bypass security on mobile devices and PCs in order to harm owners or hold them to ransom. A few weeks ago, we talked about Judy, a serious ransomware that auto-clicks ads, thereby generating money for its owner, and about ransomware that encrypts (locks) folders on users' PCs and demands some thousands of dollars as ransom to regain access to the files. Thanks to the developers who found a way to decrypt and fix it. But now there is a new trending virus called Dvmap that is attacking Android devices.
According to Kaspersky Lab, Dvmap primarily targets mobile devices, and it is different from all the malware we know and trust Google to protect us from.

Kaspersky has been monitoring the distribution of a Trojan horse in the Play Store since April 2017. Dvmap has been able to hide from Google’s protection and verification mechanisms by regularly swapping clean code with malicious code and vice versa. Now we know that Bouncer, which was introduced in 2012 to keep malware out of the Play Store, can be tricked easily.

How It Works

This malware, classified by Kaspersky Lab as Trojan.AndroidOS.Dvmap.a, is a particularly tricky form of malware, according to experts. It tries to gain root access in four different ways, even with 64-bit compatible code. Worse, it injects malicious code into the system libraries libdvm.so and libandroid_runtime.so. Subsequently, the Trojan horse triggers protection mechanisms to verify and install third-party apps. This is done by an administrator service called com.qualcmm.timeservices, which looks similar to a legitimate background service like com.qualcomm.timeservices. Note the difference between the two service names (the fake one drops an "o"), as it is a common ruse employed by hackers and malware advertisers to trick users into trusting them.
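
The lookalike service name described above can be checked for mechanically. The following Python sketch is an added example, not code from Kaspersky or from this post: it compares installed package names against a trusted baseline using edit distance. The sample `pm list packages` output, the function names and the distance threshold are assumptions made for illustration.

```python
# Added example: flag installed package names that closely imitate a trusted one.
# TRUSTED holds the legitimate name quoted in the post; extend it with your own baseline.
TRUSTED = {"com.qualcomm.timeservices"}

# Constructed sample of `adb shell pm list packages` output (not from a real device).
SAMPLE_PM_OUTPUT = """\
package:com.android.settings
package:com.qualcomm.timeservices
package:com.qualcmm.timeservices
package:com.example.notes
"""

def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, transpose."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent swapped characters count as a single edit.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def parse_packages(pm_output):
    """Extract package names from lines of the form 'package:<name>'."""
    return [line.split(":", 1)[1].strip()
            for line in pm_output.splitlines() if line.startswith("package:")]

def find_lookalikes(installed, trusted=TRUSTED, max_distance=2):
    """Return (installed, trusted, distance) for near-miss names, skipping exact matches."""
    hits = []
    for name in installed:
        if name in trusted:
            continue
        for good in trusted:
            d = edit_distance(name, good)
            if 0 < d <= max_distance:
                hits.append((name, good, d))
    return sorted(hits)

if __name__ == "__main__":
    for name, good, d in find_lookalikes(parse_packages(SAMPLE_PM_OUTPUT)):
        print(f"SUSPICIOUS {name} imitates {good} (distance {d})")
```

A hit is only a lead for review: a near-miss name still needs its installer, signer and permissions checked before it is treated as malicious.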

With this in place, the malware could install third-party software on infected devices at a later date. The author could offer this ability to anyone interested on the black market. Right now, a huge number of devices could be affected, but so far a maximum of 50,000 devices are reported to be affected.

WHY IT'S SO DANGEROUS

Theoretically, Google can delete harmful apps remotely from your device. However, since the malware manipulates system libraries, it could prevent Google from being able to do so, or report the uninstallation immediately to the malware’s author. The author could then install a different version of the malware to escape the protection mechanism again.

HOW TO FIX YOUR PHONE IF INFECTED BY DVMAP

Right now, only formatting the system partition and reinstalling the original firmware can save an affected smartphone.

HOW TO SECURE YOUR PHONE AND PREVENT IT FROM BEING ATTACKED

The only way to prevent this from happening is to have the latest security patches. However, not everyone gets the updates, as manufacturers fear that if they provide them, customers will not buy new phones. Still, ensure your apps are up to date, and refrain from the habit of downloading or collecting apps, music, files, etc. from untrusted sites, phones or PCs.